Advertisement

Making Digital Signatures Work across National Borders

  • Jon Ølnes
  • Anette Andresen
  • Leif Buene
  • Olga Cerrato
  • Håvard Grindheim

Abstract

Requirements for use of advanced electronic (i.e. digital) signatures are increasingly being raised. Today, the market for PKI-based electronic IDs (eID) is almost exclusively national, leaving international interoperability as a major issue. The main problem is not technical validation of eIDs and signatures, but rather how to assess and manage the risk related to their acceptance. This paper introduces a Validation Authority (VA) as a new, trusted role, providing the receiver of a digitally signed document with a single trust anchor. The VA provides one agreement and thus one liable party for validation of signatures, a single point of integration, and quality assessment of eIDs and signatures. Thus, the receiver is able to accept any digital signature with an assessed risk.

Keywords

Digital Signature Smart Card National Border Electronic Signature Trust Structure 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [Andresen]
    Andresen, Anette: DNV VA XML Schema Description. Available from http://www.dnv.com/ict/va/ 2007Google Scholar
  2. [Backhouse]
    Backhouse J., Hsu C, Tseng J., Baptista J.: A Question of Trust — An Economic Perspective on Quality Standards in the Certification Services Market. Communications of the ACM, Vol. 48 No 9, 2005.Google Scholar
  3. [Burr]
    Burr, Bill: NIST Cryptographic Standards Status Report. 5th Annual PKI R&D Workshop, NIST, Gaithersburgh, USA, 2006.Google Scholar
  4. [CEN]
    CEN: Secure Signature-Creation Devices EAL 4+. CWA 14169, 2002.Google Scholar
  5. [Certipost]
    Certipost: Certification Practices Statement, European IDABC Bridge/Gateway CA for Public Administrations v2.0. EBGCA-DEL-015, 2005.Google Scholar
  6. [ETSI1]
    ETSI: Electronic Signatures and Infrastructures; International Harmonization of Policy Requirements for CAs Issuing Certificates. ETSI TR 102 040 vl.3.1, 2005.Google Scholar
  7. [ETSI2]
    ETSI: Electronic Signatures and Infrastructures; Provision of Harmonized Trust Service Provider Information. ETSI TS 102 231 v2.1.1, 2006.Google Scholar
  8. [EU]
    EU: Community Framework for Electronic Signatures. Directive 1999/93/EC of the European Parliament and of the Council, 1999.Google Scholar
  9. [FPKI]
    Federal PKI Policy Authority (FPKIPA): X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) Version 2.1, 2006.Google Scholar
  10. [Ølnesl]
    Ølnes, Jon: PKI Interoperability by an Independent, Trusted Validation Authority. 5th Annual PKI R&D Workshop, NIST, Gaithersburgh, USA, 2006.Google Scholar
  11. [Ølnes2]
    Ølnes, Jon: DNV VA Quality Parameters, Certificate and Signature Quality. Available from http://www. dnv.com/ict/va/ 2007.Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden 2007

Authors and Affiliations

  • Jon Ølnes
    • 1
  • Anette Andresen
    • 2
  • Leif Buene
    • 2
  • Olga Cerrato
    • 1
  • Håvard Grindheim
    • 2
  1. 1.DNV Research & InnovationHøvikNorway
  2. 2.DNV IndustryHøvikNorway

Personalised recommendations